Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/11/10 00:29:27 UTC

[GitHub] [ozone] bharatviswa504 commented on a change in pull request #2817: HDDS-5910 Add additional verification for S3 Auth.

bharatviswa504 commented on a change in pull request #2817:
URL: https://github.com/apache/ozone/pull/2817#discussion_r746153098



##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java
##########
@@ -112,6 +112,9 @@ public S3Auth getSignature() {
   @NotNull
   @VisibleForTesting
   OzoneClient createOzoneClient() throws IOException {
+    // S3 Gateway should always set the S3 Auth. OM can choose to ignore it
+    // based on the security configuration.
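
Review bot: The added comment in createOzoneClient() says OM can ignore the S3 Auth "based on the security configuration" but does not name the setting or say what OM does when it ignores it. Name the configuration property that controls this and state whether a request without S3 Auth is rejected or accepted in each mode, so a reader can tell which side is responsible for checking the signature.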

Review comment:
       Can you explain what this comment means?
       OM can choose to ignore it
       // based on the security configuration.

##########
File path: hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocol/S3Auth.java
##########
@@ -24,6 +24,7 @@
   private String stringToSign;
   private String signature;
   private String accessID;
+  public static final String S3_AUTH_CHECK = "ozone.s3.auth.check";
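
Review bot: The new S3_AUTH_CHECK constant is public and is declared after the private instance fields with no Javadoc, so nothing here says which component reads "ozone.s3.auth.check", what its default is, or whether operators are expected to set it. Add a Javadoc covering those points and move the constant above the instance fields. If the key is for internal use only, say so in the Javadoc, since the name suggests it controls an authentication check.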

Review comment:
       This will be an S3Gateway config, but it is internal and should not be exposed to end users, if I understand correctly.

##########
File path: hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
##########
@@ -185,15 +185,21 @@ public RpcClient(ConfigurationSource conf, String omServiceId)
     this.clientConfig = conf.getObject(OzoneClientConfig.class);
 
     OmTransport omTransport = createOmTransport(omServiceId);
-    this.ozoneManagerClient = TracingUtil.createProxy(
+    OzoneManagerProtocolClientSideTranslatorPB
+        ozoneManagerProtocolClientSideTranslatorPB =
         new OzoneManagerProtocolClientSideTranslatorPB(omTransport,
-            clientId.toString()),
-        OzoneManagerClientProtocol.class, conf
-    );
+        clientId.toString());
+    this.ozoneManagerClient = TracingUtil.createProxy(
+        ozoneManagerProtocolClientSideTranslatorPB,
+        OzoneManagerClientProtocol.class, conf);
     dtService = omTransport.getDelegationTokenService();
-    ServiceInfoEx serviceInfoEx = ozoneManagerClient.getServiceInfo();
     List<X509Certificate> x509Certificates = null;
     if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
+      ServiceInfoEx serviceInfoEx = ozoneManagerClient.getServiceInfo();
+      // If the client is authenticating using S3 style aut, all future
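
Review bot: Moving the getServiceInfo() call inside the OzoneSecurityUtil.isSecurityEnabled(conf) branch means that on a cluster without security the constructor no longer makes this call to OM, and serviceInfoEx is out of scope once the branch ends. Confirm that nothing later in the constructor used serviceInfoEx outside the security check, and state in the new comment why the call is now skipped when security is off. Separately, the local variable ozoneManagerProtocolClientSideTranslatorPB repeats its type name and forces an awkward line break; a shorter name would read better.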

Review comment:
       aut -> auth




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org